The Bad Rabbit Ransomware: What it is, What to do

The Bad Rabbit ransomware was first spotted on 24th October in Russia and Ukraine. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey and Germany. There are almost 200 targets, according to the KSN statistics. These have included the Kiev Metro and Odessa airport. In response, the Ukrainian national computer emergency team issued a warning about Bad Rabbit.

How does Bad Rabbit Work?

Bad Rabbit malware is disguised as an Adobe Flash installer. When the innocent-looking file is opened, it starts locking the infected computer. The fake Flash download has been planted on websites using JavaScript injected into the HTML or Java files of the affected websites.

A message will pop up on users’ screens telling them their computer has been locked and that they must pay £280 in Bitcoin to regain access.

It is still unknown who is distributing the ransomware or why, but the similarity to Petya has led some researchers to suggest that Bad Rabbit is by the same attack group – although that doesn’t help identify the attacker.

“Most of the targets are located in Russia,” Kaspersky says.

According to ZDNet, the group behind Bad Rabbit appears to be a fan of Game of Thrones. The code contains references to Viserion, Drogon, and Rhaegal, the dragons which feature in the television series and the novels it is based on. The authors of the code are therefore not doing much to change the stereotypical image of hackers being geeks and nerds.

How can you protect against the Ransomware?

  • Don’t click on phishing emails, malicious adverts on websites, and third-party apps and programs.
  • Don’t download any app from third-party sources.
  • Disable the WMI service to prevent the malware from spreading over your network.
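
One way to carry out the last item on a Windows host, as an added example that is not part of the original article: a PowerShell script that shows the current state of the WMI service, lists the running services that depend on it, and then stops and disables it. `Winmgmt` is the Windows service name for WMI; the script is meant to be saved under a file name of your choice and run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable the WMI service (Winmgmt) on the local host.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Service name of Windows Management Instrumentation
    [string]$ServiceName = 'Winmgmt'
)

# Report the state before changing anything
$svc = Get-Service -Name $ServiceName -ErrorAction Stop
Write-Host ("Before: {0} status={1}, startup={2}" -f $svc.Name, $svc.Status, $svc.StartType)

# Services that depend on WMI are stopped together with it, so list them first
$dependents = $svc.DependentServices | Where-Object Status -eq 'Running'
if ($dependents) {
    Write-Warning "Running services that depend on $ServiceName and will be stopped:"
    $dependents | Format-Table Name, DisplayName -AutoSize | Out-String | Write-Host
}

# Honour -WhatIf / -Confirm so the change can be previewed
if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop and disable service')) {
    if ($svc.Status -ne 'Stopped') {
        # -Force is required because of the dependent services
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }
    # Prevent the service from starting again at boot or on demand
    Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop

    # Re-read the service to confirm the new state
    $svc = Get-Service -Name $ServiceName
    Write-Host ("After:  {0} status={1}, startup={2}" -f $svc.Name, $svc.Status, $svc.StartType)
}
```

Run it with `-WhatIf` first to see the dependent services without changing anything. Management and monitoring tools that rely on WMI stop working on the host while the service is disabled.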